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CLAIMS : 

1 . A method for controlling customer resources for network traffic delivery, 
comprising: 

tracking network utilization of a group jbf endpoints on a network to generate group 



utilization level information corresponding to 



i current amount of network resource 



consumption by the group; 

receiving a message corresponding to b 



request for network resources for a data flow 



for one of the endpoints, the request including an identifier associated with the one endpoint; 
and 

10 determining whether the rptjuest is to be accepted based on the group utilization level 

ji ^ information, the identifier, and a predetermines profile, the predetermined profile being 
associated with the group and includirtg^^^workutilization limit. 



15 



20 



2. The method of claim 1, vfaefejta-tfte^step of receiving comprises: 
receiving the request from one of a router and a packet switch, associated with the 
one endpoint; and 

wherein the method further comprises the step of: 

forwarding to the router the res lit of the decision whether to accept the request. 



3. The method of claim 2, wherein the router is a policy enforcement point (PEP), and 
the method further comprises the step of: 

receiving, from the PEP, the r jquest for network resources for a data flow for the one 
endpoint. 
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ethod of claim 3, further 
steps of tracking 

policy decision point. 



comprising the step of: 
receiving, and determining on a server that forms a 



5. The method of claim 1, wharein the step of determining comprises the step of: 
5 applying a policy rule, using tpe group utilization level information, the identifier, and 

the predetermined profile to determine whether the group exceeds the network utilization 
| limit. 

I ^3 ^ e met ^ 0 ^ °f claiir^Twherein the policy rule in the step of applying comprises: 

^ an access control rule, an attempt rate rule, a bandwidth rule, a maximum concurrent 

iO flow rule, and a flow time limit rule. 

igthod of claim 1, wherein theferoup is associated with a reserved bandwidth 
port ( RLAP) and the rrethod further comprises the steps of: 
tracking network utilization of the RliAP, the RLAP including the one endpoint to 
generate RLAP utilization level information/corresponding to a current amount of network 
15 resource consumption by the RLAP; and 

wherein the step of determining comprises the step of: 
determining whether the request is to be accepted based on the RLAP utilization level 
information and another predetermined profile that is associated with the group, includes a 
corresponding network utilization limit./ 
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8. The method of claim 1, furtqer comprising the step of: 
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adjusting the group utilization 



evel information, when the request is accepted, to 
reflect the installment of the request a^id the corresponding increase in network resources 
consumption. 

(q ^. The method of claim further comprising the step of: 

receiving another message corresponding to a discontinuance of the data flow and to 
the availability of network resources formerly consumed by the data flow; and 

adjusting the group utilization level information to reflect the availability of the 
network resources formerly consumed by the data flow. 
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10. A system for controlling custon^er resources for network traffic delivery, 
comprising: 

means for tracking network utilization of a . group of endpoints on a network to 
generate group utilization level informatio^ corresponding to a current amount of network 
resource consumption by the group; 

means for receiving a message cc5r|espdnding to a request for network resources for a 
data flow for one of the endpoints, the ye^estn^cluding an identifier associated with the one 
endpoint; and 

means for determining whetheTtlTfe'Tequest is to be accepted based on the group 
utilization level information, the identifier, and a predetermined profile, the predetermined 
profile being associated with the group And including a network utilization limit. 



11. The system of claim 10, wherein the means for receiving comprises: 



r 



means for receiving the request pm one of a router and a packet switch associated 
with the one endpoint; and 

wherein the system further coyhprises: 

means for foiwarding^6^he7b%^ter the result of the decision whether to accept the 
request. 



12. The system of 



wherein the router comprises: 



a policy enforcement point (PEP); and 
wherein the system further comprises: 

means for receiving, frpm the PEP, the request for network resources for a data flow 
for the one endpoint. 

13. The-s^stem of claim 12, further comprising: 

"aserver forming a policy decision point, said server including the means for tracking, 
the means for receiving, and the meats for determining. 




14. The system of claim 1QL wherein the means for determining comprises: 
means for applying a policy rule, using the group utilization level information, the 
identifier, and the predetermined profile to determine whether the group exceeds the network 
utilization limit. 



^ The system of claim^^ wherein the policy rule comprises: 
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an access control rule, an attempt rate rule, a bandwidth rule, a maximum concurrent 
flow rule, and a flow time limit rule. 

16. The-s^§tem of claim 10, wherein the group is associated with a reserved 
service logical access port (MAP), said RLAP including the group; and 
wherein the system further comprises: 
means for tracking network utilization of the RLAP, the RLAP including the one 
endpoint to generate RLAP utilization level information corresponding to a current amount 
of network resource consumption bw the RLAP; and 

wherein the means for determining further comprises: 

means for determining whether the request is to be accepted based on the RLAP 
utilization level information arid another predetermined profile that is associated with the 
group includes a corresponding network utilization limit. 
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17. The system of claim 10, further comprising: 

means for adjusting the group utilization level information, when the request is 
accepted, to reflect thp installment of the request and the corresponding increase in network 
resources consumption. 



I^Uyf- The system of claim jlf, further comprising: 



means for receiving another message corresponding to a discontinuance of the data 
flow and to the availability of network resources formerly consumed by the data flow; and 

means for adjusting the group utilization level information to reflect the availability 
of the network resources formerly consumed by the data flow. 
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19. A computer readable medium storing program instructions for execution on a 
computer system, which when executed by a pomputer, cause the computer to perform the 
steps of: 

tracking network utilization of a grqtap of-endpoints on a network to generate group 



utilization level information corresponding 
consumption by the group; 

receiving a message corresponding 



determining whether the rootfest is 
information, the identifier, and alpredetj 
associated with the group and includi 



to a current amount of network resource 



r 



to a request for network resources for a data flow 
for one of the endpoints, the request including an identifier associated with the one endpoint; 
and 



accepted based on the group utilization level 
profile, the predetermined profile being 
etworkVutilization limit. 



20. The computer readable mediujn of claim 19, wherein the step of receiving 
comprises: 

receiving the request from one offa router and a packet switch associated with the one 
endpoint; and 

wherein the computer readable iiedium further includes program instructions for 
causing the computer to perform the step of: 

forwarding to the router the result of the decision whether to accept the request. 

21. The computer readable medium of claim 20, wherein the router is a policy 
enforcement point (PEP), and the computer readable medium further includes program 
instructions for causing the computer 1 o perform the step of: 
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receiving, from the P 





uest for network resources for a data flow for the one 



22T^rhe^Qomputer readable mediunA of claim 2 1 , wherein the computer readable 
ledium furthet-eomprises program instructions for causing the computer to form a policy 
decision point independent of said PEPj 



23. The computer readable medium of claim 19, wherein the step of determining 
comprises the step of: 

applying a policy rule, using/ the group utilization level information, the identifier, and 
the predetermined profile to determine whether the group exceeds the network utilization 



40 limit. 
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/5>. The computer readable medium of claim wherein the policy rule in the step of 
applying comprises: 

an access control rule, an attempt rate rule, a bandwidth rule, a maximum concurrent 
flow rule, and a flow time limit rule. 

computer readable mediAm of claim 19, wherein the group is associated with 
service logical adcess port (RLAP), and the computer readable medium 
further includes program instructions for causing the computer to perform the step of: 
tracking network utilization of the RLAP, the RLAP including the endpoint to 
generate RLAP utilization level information corresponding to a current amount of network 




resource consumption by the RLAPr, and 
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wherein the step of determining cqmprises the step of: 

I 

determining whether the request is to be accepted based on the RLAP utilization level 
information and another predeterminecj/profile that is associated with the group includes a 
corresponding network utilization lirtfit. 
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26. The computer readable medium of claim 19, wherein the computer readable 
medium further includes prograip instructions for causing the computer to perform the step 

of: 

adjusting the group utilization level information, when the request is accepted, to 
reflect the installment of the Request and the corresponding increase in network resources 
consumption. 



The computer readable medium of claim ^ wherein the computer readable 
medium further includes program instructions for causing the computer to perform the steps 
of: 

receiving another message corresponding to a discontinuance of the data flow and to 
the availability of network resources formerly consumed by the data flow; and 

adjusting the group utilization level information to reflect the availability of the 
network resources formerly consumed by the data flow. 
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28y A memory for storing infor 



traffic delivery, comprising a data structi i e including 



a field for storing a first identifiei 



jn for controlling customer resources for network 



corresponding to a policy enforcement point; 
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a field for storing a second identifier co responding to a group of endpoints on a 
network, the group of endpoints being associated with the policy enforcement point; and 

a field for storing predetermined netwa k utilization limit information for the group. 

29. The memory according to claim 2£, wherein the field for storing group utilization 
limit information comprises: 

a field for storing a limit for a number 
during a time period; 

a field for storing a limit for an amou^ 

and 

a field for storing a limit {for a numbdr of fldws currently active for the group. 



of flow request attempts by the group occurring 



of bandwidth currently in use by the group; 



^0^) A memory for storing infomia 
traffic delivery, comprising a datastfttetuii 




ntrolling customer resources for network 
ing: 



a field for storing a first identifier < orresponding to a policy enforcement point; 

a field for storing a second identifi sr corresponding to a group of endpoints on a 
network, the group of endpoints being ass sciated with the policy enforcement point; and 

a field for storing network utilization level information for the group, the network 
utilization level information corresponding to a current amount of network resource 
consumption by the group. 



31. The memory of claim 30, wperein the field for storing group utilization level 
20 information comprises: 



-45- 



f 



a field for storing a number oHlW request attempts by the group occurring during a 
time period; A 1 N 

a field for storing an am(5U|U o^apdwmth currently in use by the group; and 
a field for storing a number of flows currently active for the group. 
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